At Shire Family Medical, your privacy matters — deeply. We understand that your health information is personal, and we are committed to handling it with care, dignity and respect. This policy explains how we collect, use, store and protect your health information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

What Kind of Information We Collect

We may collect your personal and health information when you visit our medical centre, speak with us over the phone, contact us by email, submit forms online, or when information is provided by health professionals involved in your care.

This may include:

  • Your full name, date of birth and contact details
  • Medicare number and private health fund information
  • Medical history, diagnoses, medications, allergies
  • Referrals, test results, treatment plans
  • Family and social history (when relevant to care)
  • Emergency contact information

We may also collect information from:

  • Other healthcare providers (e.g. specialists, hospitals)
  • Government health services (e.g. My Health Record)
  • Carers or family members (with your consent)

Dealing With Us Anonymously

You have the right to deal with us anonymously or under a pseudonym, where it is lawful and practicable. However, in most cases we need to identify you to provide safe and effective healthcare, process Medicare claims, and meet our legal obligations.

Why We Collect Your Information

We only collect what’s necessary to support the provision of safe and coordinated healthcare. This includes:

  • Diagnosing and treating your medical conditions
  • Managing appointments and follow-up care
  • Referring you to other practitioners or specialists
  • Requesting tests, scans or prescriptions
  • Claiming Medicare or private health fund rebates
  • Meeting our legal and accreditation obligations
  • Participating in quality improvement or audit activities

We will always aim to obtain your informed consent when collecting, using or sharing your information, unless required by law or in emergencies.

How We Store and Protect Your Information

Your information is securely stored in electronic and/or paper records, with safeguards in place to prevent unauthorised access, loss or misuse. This includes:

  • Secure passwords and staff access controls
  • Regular system updates and encrypted backups
  • Confidentiality agreements for staff and contractors
  • Ongoing training in privacy and data handling

Who We May Share Your Information With

To support your ongoing care, we may share your information (when appropriate) with:

  • Other GPs, specialists, allied health providers or hospitals
  • Pathology, radiology and pharmacy services
  • Government agencies such as Medicare or My Health Record
  • Health fund providers or accreditation bodies
  • IT support services who maintain our systems (under strict confidentiality)
  • Clinical decision support platforms, which help us improve care by providing evidence-based insights and assistance.

In emergencies, or if required by law, we may use or disclose your information without consent—but only in line with legal obligations.

We will not share your information overseas unless legally required or you have specifically agreed.

POLAR Data Sharing

Our clinic participates in a program called POLAR, which helps improve health services in the community. The data we share is completely de-identified — meaning it cannot be used to identify you — and is used by the Primary Health Network (PHN) to better plan healthcare in our area.

If you prefer not to have your de-identified data included, please let our reception team know.

Use of Heidi Clinical Assistant

To enhance our ability to deliver high-quality, patient-centred care, we offer eligible patients the option to participate in consultations supported by the Heidi Clinical Assistant platform. This tool provides real-time transcription and clinical note support to assist your doctor during your appointment.

Use of Heidi is entirely optional. It is an opt-in service, and you will be asked at the beginning of your consultation if you consent to Heidi being used. If you agree, you will be asked to provide written consent before the service can proceed.

If you prefer not to participate in a Heidi-supported consultation, please advise your doctor or reception team at any time. Choosing not to use Heidi will not affect your access to care.

Accessing Your Health Records

You have the right to request access to your personal medical records held by Shire Family Medical in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

To request access, please contact our reception team. We will respond to your request within a reasonable timeframe.

Fees for Access

As permitted under the Privacy Act, we may charge a fee to reflect the reasonable administrative costs of preparing and providing access to your records. These fees may include:

  • Staff time to locate, collate, or prepare the records
  • Photocopying or printing (if a hard copy is requested)
  • Postage (if applicable)
  • Digital media (e.g. USB, CD) if applicable

We will advise you of any applicable costs before processing your request. You will not be charged for simply lodging a request.

Optional Consultation

In some cases, your doctor may recommend a consultation to help explain complex medical information. This is optional and not required for accessing your records unless clinically justified.

Correcting Your Health Records

If you believe that any of your personal medical information held by Shire Family Medical is inaccurate, incomplete, out of date, or misleading, you have the right to request a correction.

To request a correction, please contact our reception team or your treating doctor. We may ask for further details or documentation to help assess the correction request.

We aim to respond to all correction requests within a reasonable timeframe. There is no fee for requesting a correction or for us making changes to your records.

If we do not agree with your request to correct the information, we will:

  • Inform you in writing of the reason, and
  • If requested, place a note on your record stating that you disagree with the information.

How Long We Keep Your Records

We are required by law to retain your health records:

  • For at least 7 years from the date of your last consultation
  • Or until age 25 for children, whichever is longer

After this period, records are securely destroyed or de-identified.

Concerns or Complaints

If you have concerns about how your information has been handled, we encourage you to speak with our Practice Manager.

If you’re not satisfied, you may contact the Office of the Australian Information Commissioner (OAIC):

Website: www.oaic.gov.au
Phone: 1300 363 992

Questions?

If you have any questions about this policy or how your information is managed, please don’t hesitate to ask. We’re always here to help — because caring for you means more than just medicine.

Updates

This policy will be reviewed regularly and updated as required to reflect legislative or practice changes.